General

  • Target

    Built.exe

  • Size

    6.9MB

  • Sample

    241030-rg5hfawpbq

  • MD5

    a794e4a754219f34faf2b57d864acc0f

  • SHA1

    1e1b51db3a0577af9ad39de50b5af5c700548b3c

  • SHA256

    48851c438b38f3217d89d0ea193a23f983546fdded868a84f17710f4c8a0ebeb

  • SHA512

    dea08564daf378f01507e5a5c5f2810118857b9e4dc1f26f4229cd729483d00ca4a12e1c002abedd79735960edb8fe51dae4a511ec7939c3e5fb99d5b70135da

  • SSDEEP

    98304:lVpRDjWM8JEE1FFggJuamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYRJJcK:FR0rVJ3eNTfm/pf+xk4dWRpmrbW3jmrr

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs a powershell.exe command.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks